[Samba] Re: Domain admins not getting local admin rights

Robert M. Martel bob at urban.csuohio.edu
Fri Jan 28 17:45:08 GMT 2005


On 01/28/2005 10:33 AM, Morgan Toal wrote:
> Hi there,
> 
> Thanks to everyone for their suggestions.
> 
> Unfortunately, I must be missing something, I did delete the 
> group_mappings.tdb and re-create my groups. This has not improved the 
> situation unfortunately.
> 
> Where else might I look?
...

I saw a problem like this when testing Samba 3 on Solaris 9.  I had to 
make sure that the "domain admin" group mapped to the unix group that I 
wanted *and* that unix group had to be the PRIMARY group for the user in 
question.

Under Samba 2 I had several users that were in the unix "ntadmin" group 
as one of their secondary groups and my smb.conf was set accordingly. 
Everything worked as expected.

Under Samba 3 I mapped the "Domain Admin" group o the same unix group - 
but the users never received the administrative privileges.  I payed 
around for a bit and finally tried mapping "Domain Admin" to my primary 
group and then I was able to receive the administrative privileges.

I asked on the list at the time if this was the expected behavior - 
which is to say Samba ignored the user's secondary group for this role, 
or if I had happened upon a bug.  I did not receive an answer at the time.

-Bob Martel

-- 
***********************************************************************
Bob Martel,System Administrator  I met someone who looks a lot like you
Levin College of Urban Affairs   She does the things you do
Cleveland State University       But she is an IBM
(216) 687-2214
bob at urban.csuohio.edu                                -Jeff Lynne
***********************************************************************


More information about the samba mailing list